Way to Bypass Queue-Proxy #15632
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
|
Hi @nardineshak, what are the security risks for the QP <-> APPs connection given that this is on local network within the pod? Are your refering to the end-to-end connection between activator and QP? We have implemented internal encryption for Kourier as well: https://knative.dev/docs/serving/encryption/encryption-overview. Would that help with the risks?
Is there a discussion happening elsewhere upstream?
No, that is not an option. cc @ReToCode who may have to add more on the topic. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I was advised to raise an issue regarding the possibility of bypassing the queue-proxy. Currently, I am migrating my service to Knative, and the configured proxy is Kourier. While I have external TLS in place, I am concerned about potential security risks associated with the HTTP connection between queue-proxy and Kservice. Can the queue-proxy get bypassed some way?
What version of Knative?
Expected Behavior
Actual Behavior
Steps to Reproduce the Problem
The text was updated successfully, but these errors were encountered: